Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp4585613ybz; Tue, 28 Apr 2020 14:13:30 -0700 (PDT) X-Google-Smtp-Source: APiQypK4l/CrONGVQGdG08qzYg8zyqzwMKoF7MUZBE0SYlKL3oq+BVFkM/iq6f5LrEkZrW76md6B X-Received: by 2002:a17:906:804a:: with SMTP id x10mr27564129ejw.86.1588108410454; Tue, 28 Apr 2020 14:13:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588108410; cv=none; d=google.com; s=arc-20160816; b=Xg+Bn0cWuRQ/WeZyeVNiI+6Ofcrun5pNwjugFcF6wErXlaEDhx109i6i66+9TuiQ55 dIc3BgvN4mT74E1bbb86mKnuMxMJEnXp5fgchT2Sdw7kLEXXP/BXHvsPO5Aqgg/eKwRU 5KK74McgeJgvb03VgxdsPPNEfgrklou9YKlJKJqesC5DCPk7y7Ge28wFFNmmKrC5IiAE Jz7x1anX+c14Fz5MHvoVbiV/dAXU5F1ag7r62eLzxWVp6MoDAI5wnidPYbN4/q4sNZbe 1729JsoFM5Zest+hI3NHb5o0bcYf4/Uf2LsOQoD9cjKMqznuL3ijsZ86pV4/DZP31MVm ddUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:from:subject:cc:to:message-id:date; bh=d21rgY51Qr5mBBwUna8mE+woyWZQTre30+sZMZe3/Ho=; b=0NJP1npZB+8eWMGj0zswwKB4RSybEKtPmDM7KXHYzyWoFLYmqys4aSGkgyafGAtoxB xNvaMPERjmpa+OHY2UG4sr1AHoJ1vomqzRMY2jeVzUEHEMJX1wlHzFVkBjCIL2h9kpvW UOFCJW1vbmi09cGlVqwLomSRFhJ5JaTRuJb7LpofknSKicERFo5O9bPJbUHfZ86CVEGF MsocIzlKwOhOgcj4WTEorxMeG0GhBSjGABvYwX9jkxw6j/Dryaiw8gz63wclyvAkCLKq mTkqQQe4GHejkzWsuaZ4IUAF1zw7hn9UtrlmwKEARHrbbz2nyBTqAyuDV1gukAm2x5ue sJHg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id g23si2701322ejh.337.2020.04.28.14.13.07; Tue, 28 Apr 2020 14:13:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726476AbgD1VLO (ORCPT + 99 others); Tue, 28 Apr 2020 17:11:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40592 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726284AbgD1VLN (ORCPT ); Tue, 28 Apr 2020 17:11:13 -0400 Received: from shards.monkeyblade.net (shards.monkeyblade.net [IPv6:2620:137:e000::1:9]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0B28C03C1AC; Tue, 28 Apr 2020 14:11:13 -0700 (PDT) Received: from localhost (unknown [IPv6:2601:601:9f00:477::3d5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) (Authenticated sender: davem-davemloft) by shards.monkeyblade.net (Postfix) with ESMTPSA id 99016120F52B8; Tue, 28 Apr 2020 14:11:12 -0700 (PDT) Date: Tue, 28 Apr 2020 14:11:11 -0700 (PDT) Message-Id: <20200428.141111.54288142814578996.davem@davemloft.net> To: yuehaibing@huawei.com Cc: andrew.hendry@gmail.com, kuba@kernel.org, allison@lohutok.net, tglx@linutronix.de, gregkh@linuxfoundation.org, tanxin.ctf@gmail.com, xiyuyang19@fudan.edu.cn, linux-x25@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] net/x25: Fix null-ptr-deref in x25_disconnect From: David Miller In-Reply-To: <20200428081208.26308-1-yuehaibing@huawei.com> References: <000000000000cbf17205a452ad4f@google.com> <20200428081208.26308-1-yuehaibing@huawei.com> X-Mailer: Mew version 6.8 on Emacs 26.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.12 (shards.monkeyblade.net [149.20.54.216]); Tue, 28 Apr 2020 14:11:13 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: YueHaibing Date: Tue, 28 Apr 2020 16:12:08 +0800 > We should check null before do x25_neigh_put in x25_disconnect, > otherwise may cause null-ptr-deref like this: ... > Reported-by: syzbot+6db548b615e5aeefdce2@syzkaller.appspotmail.com > Fixes: 4becb7ee5b3d ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect") > Signed-off-by: YueHaibing Applied.